Corporate Compliance

Q&A: Voice mail disclaimer

Compliance Monitor, June 28, 2011

Q: A health plan representative called our ­clinic and said she could not include protected health information (PHI) in a ­voice mail ­message because our voice mail greeting did not state that the voice mail was confidential. Are covered ­entities required to include a confidentiality disclaimer as part of a voice mail greeting?

A: A voice mail greeting does not need to include a confidentiality disclaimer. It is important to remember, though, that the HIPAA Privacy and ­Security Rules represent the floor for privacy and security. A covered entity or business associate can elect to require more stringent privacy and security measures. This means the health plan can require a confidentiality disclaimer as part of the voice mail greeting before its representatives leave a message that includes PHI.

This tip was adapted from the July 2011 issue of Briefings on HIPAA. More information about Briefings on HIPAA is available at the HCMarketplace.

Most Popular